Dealing with USB memory stick disposal correctly is so important these days; it could mean make or break for a business, as the recent case brought by the Information Commissioner against Heathrow Airport Limited (HAL) shows.
After a member of the public found a USB memory stick the company had lost, HAL was fined £120,000 for failing to ensure the personal data held on its network was properly secured.
The memory stick was discovered on October 16, 2017 after it had been lost by an employee.
It contained 76 folders and over 1,000 files, and it had not been encrypted or protected by a password.
The person who found it took it to a local library and looked at the material on it and passed it to a national newspaper.
There was a small amount of sensitive and personal data held on it, including a training video which revealed 10 people’s names, passport numbers, dates of birth, and details concerning up to 50 aviation security personnel employed by HAL.
ICO Director of Investigations, Steve Eckersley, said: “Data protection is a boardroom issue and it is imperative that businesses have the policies, procedures and training in place to minimise any vulnerabilities of the personal information that has been entrusted to them.”
The ICO said its investigation found just 2% of the workforce of 6,500 had been trained in data protection.
The investigation also found the widespread use of removable media such as memory sticks in contravention of HAL’s own policies.
Once the company was aware of the matter, it reported what happened to the police, acted to contain the incident, and took on a specialist to monitor the internet and the dark web.
It took action to remedy the situation.
Read more about the case, which was brought under the old Data Protection Act because it pre-dated the General Data Protection Regulation (GDPR) here.
Under GDPR rules, serious breaches can cost companies fines of up to 4% of their worldwide annual turnover, or 20 Million Euros, whichever is the higher.
Taclus Confidential Managing Director David Lovatt said: “It’s easy to forget about removable media such as memory sticks and image cards, but they could cost us dearly if we don’t get them shredded securely. Ensure all your old memory sticks are collected and shredded by a company who can give you a certificate of destruction.”
Why you should choose Taclus Confidential – A South Wales secure shredding company
We offer confidential paper waste, removable media, and hard drive destruction services at affordable prices.
Taclus Confidential holds the accreditations for ISO 9001:2015 for quality management and ISO14001:2015 for environmental management and has been certified by independent auditors IQS for both.
Taclus has also been selected as the confidential waste management partner for Keep Wales Tidy.
If you need advice on dealing with the secure destruction of your confidential waste, contact our friendly and efficient team on 02920 676 714, or email firstname.lastname@example.org